Get a Demo
Platform
Why SentinelOne?
Services
Partners
Resources
About
Pricing
Get a Demo
Back to Resources

SentinelOne VS SmoothOperator – Detection and Forensics

Video
SentinelOne VS SmoothOperator – Detection and Forensics

– As of Mar 22, 2023 SentinelOne began to see a spike in behavioral detections of the 3CXDesktopApp, a popular voice and video conferencing software product categorized as a Private Automatic Branch Exchange (PABX) platform.
– Behavioral detections prevented these trojanized installers from running and led to immediate default quarantine.
– The trojanized 3CXDesktopApp is the first stage in a multi-stage attack chain that pulls ICO files appended with base64 data from Github and ultimately leads to a 3rd stage infostealer DLL still being analyzed as of the time of writing.
– At this time, we cannot confirm that the Mac installer is similarly trojanized. Our ongoing investigation includes additional applications like the Chrome extension that could also be used to stage attacks.
– The compromise includes a code signing certificate used to sign the trojanized binaries.
– Our investigation into the threat actor behind this supply chain is ongoing. The threat actor has registered a sprawling set of infrastructure starting as early as February 2022, but we don’t yet see obvious connections to existing threat clusters.

Watch Now
Related Resources
Video
LABScon24 Replay | Kryptina RaaS: From Unsellable Cast-off to Enterprise Ransomware | Jim Walter
Video
RSAC 2025: Join SentinelOne
Video
Is DeepSeek a Cybersecurity Threat? SentinelOne’s Alex Stamos Answers.
Video
SentinelOne and Aston Martin F1 Team

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform harnesses the power of data and AI to protect your organization now and into the future.

Request a Demo